70971148ed1fadb17a1de707b03b0b61bcf9d523c540b9bf4e411b5bb0dda5f0

Analysis

max time kernel
1796s
max time network
1170s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-03-2024 18:35

Target

Cronic.exe
Size

14KB
MD5

726d50c3e3dd789d43664aa5c3c3f9de
SHA1

f69e053040b09e422a712c4bf31ce20875186e31
SHA256

8a865d95f2c90c97fe3d762608ebc8040033cac5882e5534675b6b1f056e9c19
SHA512

872b347a0dd0cdb46959b9b41ad20dfc7dcfaf3cee8a27aa90b33700a44147edf631e03c3bd7ca8867dbcb2b02efc6c05ee0e8dd31062770c39d2ad13a1db56a
SSDEEP

96:UxDJBVLZaxd5wLqLodjPdIGeQTH7EZ1U1B2Rti5KaJR/sjMcl13sPNjevqa7pYkC:UZJYVwm6TAE4ixQMpefpvaE55tfVD

Score

1^/10

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	1844	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1844	AUDIODG.EXE
Token: SeManageVolumePrivilege	404	svchost.exe

C:\Users\Admin\AppData\Local\Temp\Cronic.exe
"C:\Users\Admin\AppData\Local\Temp\Cronic.exe"
1⤵
PID:624

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1844

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3204

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:404

memory/404-0-0x00000167D0050000-0x00000167D0060000-memory.dmp

Filesize
64KB

Download
memory/404-16-0x00000167D0150000-0x00000167D0160000-memory.dmp

Filesize
64KB

Download
memory/404-32-0x00000167D84C0000-0x00000167D84C1000-memory.dmp

Filesize
4KB

Download
memory/404-34-0x00000167D84F0000-0x00000167D84F1000-memory.dmp

Filesize
4KB

Download
memory/404-35-0x00000167D84F0000-0x00000167D84F1000-memory.dmp

Filesize
4KB

Download
memory/404-36-0x00000167D8600000-0x00000167D8601000-memory.dmp

Filesize
4KB

Download